
Item13549: Filter backslash from Topic and Attachment names

Priority: Security
Current State: Closed
Released In: 2.0.1
Target Release: patch
Applies To: Engine
Component:
Branches: master Item13525
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
NameFilter doesn't include the backslash. It breaks search completely on Foswiki 2.0. Any web containing that topic name cannot be searched. On 1.1.9, search can find the topic without crashing, but it displays only part of the name. Topic Ab/Cd displays as "Cd" on 1.1.9, so the topic cannot be reached.

Recreate: Go to Sandbox, create a topic named Ab\Cd, and save. The topic is saved and can be edited. But visit Sandbox.WebHome and the search crashes.

Could not perform search. Error was: Assertion failed!
at /var/www/foswiki/distro/core/lib/AssertOn.pm line 30.
Assert::ASSERT("") called at /var/www/foswiki/distro/core/lib/Foswiki/MetaCache.pm line 216
Foswiki::MetaCache::get(Foswiki::MetaCache=HASH(0x421fe30), "Litterbox.Cd") called at /var/www/foswiki/distro/core/lib/Foswiki/Search/InfoCache.pm line 302
Foswiki::Search::InfoCache::sortTopics(ARRAY(0x3e21810), "modified", "") called at /var/www/foswiki/distro/core/lib/Foswiki/Search/InfoCache.pm line 220
Foswiki::Search::InfoCache::sortResults(Foswiki::Search::InfoCache=HASH(0x3e21990), HASH(0x40a11c0)) called at /var/www/foswiki/distro/core/lib/Foswiki/Search/ResultSet.pm line 273
Foswiki::Search::ResultSet::sortResults(Foswiki::Search::ResultSet=HASH(0x421fea8), HASH(0x40a11c0)) called at /var/www/foswiki/distro/core/lib/Foswiki/Iterator/FilterIterator.pm line 64
Foswiki::Iterator::FilterIterator::sortResults(Foswiki::Iterator::FilterIterator=HASH(0x41f8778), HASH(0x40a11c0)) called at /var/www/foswiki/distro/core/lib/Foswiki/Store/Interfaces/QueryAlgorithm.pm line 140
Foswiki::Store::Interfaces::QueryAlgorithm::query(Foswiki::Store::SearchAlgorithms::Forking=HASH(0x41abdd8), Foswiki::Search::Node=HASH(0x41502e8), undef, Foswiki=HASH(0x2787f00), HASH(0x40a11c0)) called at /var/www/foswiki/distro/core/lib/Foswiki/Store/PlainFile.pm line 886
Foswiki::Store::PlainFile::query(Foswiki::Store::PlainFile=HASH(0x31737f0), Foswiki::Search::Node=HASH(0x41502e8), undef, Foswiki=HASH(0x2787f00), HASH(0x40a11c0)) called at /var/www/foswiki/distro/core/lib/Foswiki/Meta.pm line 984

Marking as a security task, as it can DoS a web.

-- GeorgeClark - 21 Jul 2015
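
An added example, not Foswiki's own code: a deny-list name check without and with the backslash, run over constructed names to flag any that an older filter would already have let through (such as the `Ab\Cd` topic from the report). The character list in `$BASE` and the helper names are assumptions for illustration, not the shipped value of NameFilter.

```perl
#!/usr/bin/perl
# Added example: hypothetical deny-list filters, not Foswiki's shipped NameFilter.
use strict;
use warnings;

# Build a character-class regex from a literal string of denied characters.
# quotemeta() escapes each one so that ']', '^' and '\' stay literal in the class.
sub make_filter {
    my ($denied) = @_;
    my $class = join '', map { quotemeta } split //, $denied;
    return qr/[${class}\s\x00-\x1f]/;
}

my $BASE   = q{*?~^$@%`"'&;|<>[]#};       # assumed deny-list, for illustration only
my $before = make_filter($BASE);          # "before": backslash is not denied
my $after  = make_filter($BASE . '\\');   # "after": backslash is denied

# Return the distinct denied characters found in a name.
# An empty list means the filter accepts the name.
sub offending_chars {
    my ($name, $filter) = @_;
    my %seen;
    return grep { !$seen{$_}++ } $name =~ /($filter)/g;
}

# Constructed sample names; 'Ab\Cd' is the topic name used in the report.
my @names = ('WebHome', 'Ab\Cd', 'report\2015.txt', 'Bad*Name');

for my $name (@names) {
    my @old = offending_chars($name, $before);
    my @new = offending_chars($name, $after);
    my $note = (!@old && @new) ? 'passes the old filter, rejected by the new one'
             : @new            ? 'rejected by both'
             :                   'accepted by both';
    printf "%-18s %s\n", $name, $note;
}
```

Names reported as passing only the old filter are the ones to look for among topics and attachments that were saved before the filter was tightened.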

 
Topic revision: r5 - 03 Aug 2015, GeorgeClark